![]() This technology targets all Java platforms that support Java annotations, as introduced We would try to develop annotations that could be usefullyĪpplied with a low annotation burden (e.g., making only a few annotations per class),Īlthough more intensive annotations might provide additional value.Ģ.2 What is the target Java platform? (i.e., desktop, server, personal, embedded, card, etc.) Such as Fortify Software's SCA, Coverity's forthcoming Java analysis tool, the Netbeans In addition to FindBugs and IntelliJ, other tools could benifit from such annotations, ![]() Package as having nonnull parameters unless otherwise specifically so annotated). In places where that can't currently be applied (e.g., to generic type parameters),Īnd if default annotations could be supplied (e.g., marking all methods in a class or Many of these annotations could be much more useful if annotations could be supplied These annotations are currently used by IntelliJ. Internationalization annotations, such as or indicating values that eitherĪre or are not natural language strings that need to be localized for different locations. We can look at the annotations proposed by Java Concurrency In PracticeĪnd by the CMU Fluid project as a starting point. Washington,ĭ.C., August 2001 for a discussion of using taint annotations in static analysis).Ĭoncurrency - We all know that concurrency is hard and statically detecting concurrency errors Foster, and David Wagner 10th USENIX Security Symposium. (see Detecting Format-String Vulnerabilities with Type Qualifiers, Umesh Shankar, Taint annotations - We want to check for errors such as SQL injection and cross-site scripting Method is likely incorrect (e.g., String.toLowerCase()) Nullness annotations (e.g., and Both FindBugs and IntelliJĪlready support their own versions of nullness annotations.Ĭheck return value annotation - an annotation that says ignoring the return value of a Some annotations already identified as potential candidates include: Introduced in Java 5, and may also utilize any additional annotation capabilities These annotations will be applied using the existing annotations capabilities Providing annotations if they don't know that their annotations will be portable ![]() Such as FindBugs and IntelliJ, but developers are hesitant to invest time in Such annotations have been found to be useful in tools This JSR would attempt to develop a standard set of annotations that can assistĭefect detection tools. Original Java Specification Request (JSR)Ģ.1 Please describe the proposed Specification: Reason: The Executive Committee voted to list this JSR as dormant in May 2012. ![]()
0 Comments
Leave a Reply. |